We have become aware of phishing and wire fraud scams affecting real estate brokers, their agents and customers. Given the ongoing risks of wire fraud and email hacking, I wanted to reiterate the alert to our agents about these scams so that you can take measures to protect our customers and clients.
One recent phishing involved an attachment in an email titled “USAA New Form Statement.pdf” and the email was sent from the email address of firstname.lastname@example.org, The two additional “aa”s are an indication that this was not a legitimate e-mail.
In another recent example, a Buyer’s Agent at a competitor company had their computer compromised. The hacker then read all the email correspondence involving a transaction. 30 minutes after notification to the Buyers Agent that the escrow had closed, the thief sent a very real looking email (purportedly from the Seller) to the Escrow Officer asking to change the wiring instructions. The sales proceeds were in turn, wired to the thief and not the seller.
The Select Group strongly recommends that its real estate agents, their clients and all those in communication about a home sale/purchase transaction (e.g., Realtors, Mortgage Lenders, Title/Escrow Officers) avoid transmitting sensitive financial or personal information in an email, either directly or through an email attachment. If you need to send or request sensitive information such as Social Security numbers, bank accounts, credit card numbers or wiring instructions, you should only provide the information in person, by telephone, overnight mail, secure fax, or encrypted email.
*Note: All agents and employees of The Select Group have been provided an encrypted email at no cost. We recommend you use it for all emails containing sensitive information. Click here to get started with encrypted email.
As a reminder, the following precautions should be taken related to bank wire transfers:
- ALWAYS PERSONALLY VERIFY wire instructions by calling the party who sent the instructions. Use only phone numbers that you have called before or can otherwise verify. Do not use the number provided in the sender’s email. The hacker may have inserted a fraudulent telephone number in the email. Do not send an email to verify instructions because the sender’s listed email address may be false or a hacker may intercept your email to the sender.
- VERBALLY ASK the party who sent the instructions to confirm the ABA routing number or SWIFT code and the credit account number. Because a hacker may have altered the attachment containing the wire instructions, simply asking the sender whether wire instructions were sent is not sufficient.
- DO NOT AGREE to requests to forward wire instructions to other parties (or their brokers) unless you have personally, verbally confirmed the instructions.
- BE VERY SUSPICIOUS of emails with purportedly updated, revised, or corrected wiring instructions. It is extremely rare that a title agent, or client, will change wire instructions during the course of a transaction.
- MAKE SURE you are not sending or requesting sensitive financial information in emails (e.g., Social Security numbers, bank accounts, credit card numbers, wiring instructions). Also, make sure to use strong passwords (e.g., 8 characters including both letters and numbers and nothing obvious) and frequently change your passwords.
- DON’T open attachments or click on links from unfamiliar sources because they could contain malware or be a phishing scheme, which once opened could allow a hacker the same access that you have to your computer and accounts.
Written by Dan Jacuzzi, President of The Select Group. For questions or further information, email email@example.com.
What would YOU like to see in the next edition of Risk Management? Let us know.